[Dovecot] Multiple use of the same LDAP attribute
Hi,
we've found a weird bug (?) in Dovecot 1.1.11.
For ages we've been running dovecot for our student mailserver, getting the location of the mailbox from an LDAP directory. We allow login and LDA with both full mail address and an internal username, so the mailbox directory is based on an LDAP attribute
user_attrs = xxxMailbox=mail=maildir:/home/mailstore/%U$/Maildir:INDEX=/home/mailstore/indexes/%1U$/%U$, uidNumber=vmail, gidNumber=vmail, xxxMailQuota=quota_rule2=*:storage=%$B
this worked just fine until we introduced sieve, which made us realize we did not have the home directory set at all.
The obvious and easy fix (we thought) was to set the home directory based on the xxxMailbox variable as well:
user_attrs = xxxMailbox=mail=maildir:/home/mailstore/%U$/Maildir:INDEX=/home/mailstore/indexes/%1U$/%U$, uidNumber=vmail, gidNumber=vmail, xxxMailQuota=quota_rule2=*:storage=%$B, xxxMailbox=home=/home/mailstore/%U$
unfortunately, after this trivial change hell froze over, because suddenly the mail variable was not set at all anymore, and since we had set
mail_location = maildir:/home/mailstore/%Uu/Maildir:INDEX=/home/mailstore/indexes/%1Un/%Un
(based on username) it was suddenly delivered into the wrong folder (based on the supplied username, not on the LDAP attribute).
Debug from after the change:
Apr 8 13:53:39 lxmhs23 dovecot: auth(default): ldap(username@xxx.de): user search: base=<deleted> scope=onelevel filter=<deleted> fields=xxxMailbox,uidNumber,gidNumber,xxxMailQuota,xxxMailbox
Apr 8 13:53:39 lxmhs23 dovecot: auth(default): ldap(username@xxx.de): result: xxxMailQuota(quota_rule2=*:storage=%$B)=*:storage=1073741824B xxxMailbox(home=/home/mailstore/%U$)=/home/mailstore/1636D8B1D7916DEA/
[...]
Apr 8 13:53:39 lxmhs23 deliver(username@xxx.de): maildir: data=/home/mailstore/USERNAME@XXX.DE/Maildir:INDEX=/home/mailstore/indexes/U/USERNAME
As you can see the mail variable wasn't set by LDAP at all.
We did some more tests and found a workaround: when using another LDAP attribute (mwnid) that contains the same information, it works just fine
user_attrs = xxxMailbox=mail=maildir:/home/mailstore/%U$/Maildir:INDEX=/home/mailstore/indexes/%1U$/%U$, uidNumber=vmail, gidNumber=vmail, xxxMailQuota=quota_rule2=*:storage=%$B, mwnid=home=/home/mailstore/%U$
Apr 8 14:18:06 lxmhs23 dovecot: auth(default): ldap(username@xxx.de): user search: base=<deleted> scope=onelevel filter=<deleted> fields=xxxMailbox,uidNumber,gidNumber,xxxMailQuota,mwnid
Apr 8 14:18:06 lxmhs23 dovecot: auth(default): ldap(username@xxx.de): result: xxxMailQuota(quota_rule2=*:storage=%$B)=*:storage=1073741824B xxxMailbox(mail=maildir:/home/mailstore/%U$/Maildir:INDEX=/home/mailstore/indexes/%1U$/%U$)=maildir:/home/mailstore/1636D8B1D7916DEA//Maildir:INDEX=/home/mailstore/indexes/1/1636D8B1D7916DEA/ mwnid(home=/home/mailstore/%U$)=/home/mailstore/1636D8B1D7916DEA
Apr 8 14:18:06 lxmhs23 deliver(username@xxx.de): maildir: data=/home/mailstore/1636D8B1D7916DEA//Maildir:INDEX=/home/mailstore/indexes/1/1636D8B1D7916DEA/
So, it looks like there is an issue using the same LDAP attribute (xxxMailbox in this case) twice in variable expansion.
Is this a known issue? Of course there are several viable workarounds (base mail location on home directory, use the second attribute), but this problem was pretty surprising.
Bernhard
Charles Marcus CMarcus@Media-Brokers.com wrote:
> we've found a weird bug (?) in Dovecot 1.1.11.
dovecot -n output is usually desired when asking for help, especially when it is a likely config issue...
I don't think it's a config issue, but here we go:
lxmhs23: # dovecot -n
# 1.1.11: /mnt/mail2/usr/etc/dovecot.conf
# OS: Linux 2.6.5-7.308-bigsmp i686 SUSE LINUX Enterprise Server 9
# (i586) nfs
listen: <ip>:143
ssl_listen: <ip>:993
disable_plaintext_auth: no
login_dir: /usr/local/var/run/dovecot/login
login_executable: /mnt/mail2/usr/libexec/dovecot/imap-login
login_process_per_connection: no
login_max_connections: 128
max_mail_processes: 2500
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:/home/mailstore/%Uu/Maildir:INDEX=/home/mailstore/indexes/%1Un/%Un
mmap_disable: yes
mail_nfs_index: yes
mail_plugins: quota imap_quota
namespace:
  type: private
  separator: .
  prefix: INBOX.
  inbox: yes
  list: yes
  subscriptions: yes
auth default:
  username_format: %Lu
  worker_max_count: 500
  passdb:
    driver: ldap
    args: /mnt/mail2/usr/etc/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /mnt/mail2/usr/etc/dovecot-ldap.conf
  userdb:
    driver: prefetch
  socket:
    type: listen
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail
plugin:
  quota: maildir
  quota_rule: Trash:ignore
  quota_rule2: *:storage=256M
  quota_warning: storage=95%% /mnt/mail2/bin/quota-warning-95.sh
  quota_warning2: storage=85%% /mnt/mail2/bin/quota-warning-85.sh
Bernhard
On Wed, 2009-04-08 at 13:07 +0000, Bernhard Schmidt wrote:
> So, it looks like there is an issue using the same LDAP attribute (xxxMailbox in this case) twice in variable expansion.
> Is this a known issue?
Yes. I was planning on rewriting LDAP configuration and getting it fixed at the same time, but looks like it didn't happen yet for v1.2.
> Of course there are several viable workarounds (base mail location on home directory,
This is what I would have suggested. Seems like a cleaner solution in any case.
On Wed, Apr 08, 2009 at 12:41:17PM -0400, Timo Sirainen wrote:
> > So, it looks like there is an issue using the same LDAP attribute (xxxMailbox in this case) twice in variable expansion.
> > Is this a known issue?
> Yes. I was planning on rewriting LDAP configuration and getting it fixed at the same time, but looks like it didn't happen yet for v1.2.
Okay, thanks for the clarification.
> > Of course there are several viable workarounds (base mail location on home directory,
> This is what I would have suggested. Seems like a cleaner solution in any case.
Come to think of it, any hint how I can implement the existing scheme?
user_attrs = xxxMailbox=mail=maildir:/home/mailstore/%U$/Maildir:INDEX=/home/mailstore/indexes/%1U$/%U$, xxxMailbox=home=/home/mailstore/%U$
the maildir location is easy (mail=maildir:~/Maildir), but the index is hard, as I don't have the userid in any variable.
The only thing I can come up with atm is
user_attrs = xxxMailbox=home=/home/mailstore/%U$, xxxMailbox=mail=maildir:~/Maildir:INDEX=/home/mailstore/indexes/%16.1h/%16.99h
but I'm willing to bet that this is going to break at some point, the latest point being when someone changes the mailstore path and forgets to update the offset :-\
What happens when the width is larger than the length of the string anyway?
Bernhard
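To make the two templates in this thread concrete (the attribute-based `%1U$/%U$` form from the first post and the home-based `%16.1h/%16.99h` workaround above), here is a small expander, written for this page and not taken from Dovecot's sources. It assumes my reading of the 1.x variable grammar, `%[<offset>.]<width>[<modifiers>]<variable>`, models only the L and U modifiers and the u, n, d, h and $ variables, and assumes that an offset past the end of a value yields an empty string while a width larger than the remaining value just returns the rest of it. The sample userid is constructed in the 16-hex-char form seen in the log lines.

```python
import re
from typing import Dict

# Assumed grammar (my reading of Dovecot 1.x variable expansion, not Dovecot's code):
#   %[<offset>.]<width>[<modifiers>]<variable>
#   %1U$   -> width 1, modifier U (uppercase), variable $ (the LDAP attribute value)
#   %16.1h -> offset 16, width 1, variable h (home directory)
# Only the L/U modifiers and the u, n, d, h, $ variables are modelled; %% is a literal %.
_SPEC = re.compile(r"%(?:(\d+)\.)?(\d*)([LU]*)([undh$%])")

_MODIFIERS = {"L": str.lower, "U": str.upper}


def expand(template: str, variables: Dict[str, str]) -> str:
    """Expand %-variables in template from the given values.

    Assumed clipping behaviour: an offset past the end of the value gives "",
    and a width larger than what is left returns the remainder unchanged.
    """
    def repl(m):
        offset, width, mods, name = m.groups()
        if name == "%":
            return "%"
        value = variables.get(name, "")
        if offset:
            value = value[int(offset):]
        if width:
            value = value[:int(width)]
        for mod in mods:
            value = _MODIFIERS[mod](value)
        return value
    return _SPEC.sub(repl, template)


# Template from the first post: mail location derived from the LDAP attribute ($).
MAIL_TEMPLATE = "maildir:/home/mailstore/%U$/Maildir:INDEX=/home/mailstore/indexes/%1U$/%U$"

# The proposed workaround: everything derived from the home directory (h) via offset/width.
HOME_BASED_TEMPLATE = "maildir:~/Maildir:INDEX=/home/mailstore/indexes/%16.1h/%16.99h"


def mail_from_attribute(userid: str) -> str:
    return expand(MAIL_TEMPLATE, {"$": userid})


def mail_from_home(home: str) -> str:
    return expand(HOME_BASED_TEMPLATE, {"h": home})


def home_based_template_for(mailstore_root: str) -> str:
    """Build the home-based template for a given mailstore root.

    The hard-coded 16 is just len("/home/mailstore/"); this is the number that
    silently goes stale when the store is moved and nobody updates the offset.
    """
    root = mailstore_root.rstrip("/")
    off = len(root) + 1
    return f"maildir:~/Maildir:INDEX={root}/indexes/%{off}.1h/%{off}.99h"


if __name__ == "__main__":
    uid = "1636D8B1D7916DEA"  # constructed sample userid (16 hex chars, as in the thread)
    print(mail_from_attribute(uid.lower()))
    print(mail_from_home("/home/mailstore/" + uid))
    # Offset drift: the store moved to /srv but the template still skips 16 characters,
    # so the first character of the id is lost and the index path changes.
    print(mail_from_home("/srv/mailstore/" + uid))
    # Width larger than the value, and offset beyond the end of the value.
    print(repr(expand("%99h", {"h": "/home"})), repr(expand("%20.5h", {"h": "/home"})))
```

Running it shows the two templates agreeing for `/home/mailstore/<id>`, and the index path quietly changing from `indexes/1/1636...` to `indexes/6/636...` once the prefix length no longer matches the offset, which is the failure the post above is worried about.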
Bernhard Schmidt wrote:
> On Wed, Apr 08, 2009 at 12:41:17PM -0400, Timo Sirainen wrote:
> > > Of course there are several viable workarounds (base mail location on home directory,
> Come to think of it, any hint how I can implement the existing scheme?
> user_attrs = xxxMailbox=mail=maildir:/home/mailstore/%U$/Maildir:INDEX=/home/mailstore/indexes/%1U$/%U$, xxxMailbox=home=/home/mailstore/%U$
> the maildir location is easy (mail=maildir:~/Maildir), but the index is hard, as I don't have the userid in any variable.
> The only thing I can come up with atm is
> user_attrs = xxxMailbox=home=/home/mailstore/%U$, xxxMailbox=mail=maildir:~/Maildir:INDEX=/home/mailstore/indexes/%16.1h/%16.99h
> but I'm willing to bet that this is going to break at some point, the latest point being when someone changes the mailstore path and forgets to update the offset :-\
> What happens when the width is larger than the length of the string anyway?
> Bernhard
I'll admit I don't understand what you're trying to do with the above parameters, but let me share what I'm using and see if it helps. I happen to be using a pure virtual configuration, with my mail users logging in using their full email address as a username. So all I need to store in LDAP is the email address and the password.
dovecot-ldap.conf
user_attrs = maildir:%d/%n/Maildir=mail,%d/%n=home
pass_attrs = mail=user,userPassword=password

dovecot.conf
[...]
mail_location = maildir:/var/mail/%d/%n/Maildir
[...]
userdb static {
  args = uid=vmail gid=vmail home=/var/mail/%d/%n mail=maildir:/var/mail/%d/%n allow_all_users=yes
}
[...]
This lets me store all mail under /var/mail/DOMAIN/USER/Maildir - with a home of /var/mail/DOMAIN/USER.
I'm pretty sure at least some of the parameters I'm using are redundant or unused, but thus far it works great.
Daniel
Daniel L. Miller dmiller@amfes.com wrote:
> I'll admit I don't understand what you're trying to do with the above parameters, but let me share what I'm using and see if it helps. I happen to be using a pure virtual configuration, with my mail users logging in using their full email address as a username. So all I need to store in LDAP is the email address and the password.
This is the difference: here they can log in either with their full email address (also aliases) or with their internal userid (which is 16 char hex). The home directory is derived from the latter, but since they can also log in with the mail address I can't use anything from the supplied username to set the directory/mail location.
Bernhard